Azure Storage Discovery GA: Centralized Insights with Copilot in Azure

Microsoft has released Azure Storage Discovery to general availability, a managed service that gives organizations a single-pane view across Azure Blob Storage and Azure Data Lake Storage and pairs those insights with Copilot in Azure for natural‑language exploration and visualization.

Background / Overview​

Azure Storage Discovery addresses a common enterprise pain point: sprawling object storage across subscriptions, regions, and business units that makes cost, security, and operational decisions difficult. It aggregates capacity, activity, configuration, and error telemetry from hundreds — up to a million — storage accounts into a single workspace, produces interactive portal dashboards, and surfaces actionable insights for FinOps, security, and platform teams. The product ships with built‑in integration to Copilot in Azure, enabling non‑specialists to ask questions in natural language and receive charts, tables, and drilldowns rather than raw queries.
The service is fully managed in the Azure portal: you create a Storage Discovery workspace, scope it to the subscriptions or resource groups you control, and the aggregation pipeline begins collecting insights within hours, with initial observations available in less than 24 hours. There are two pricing tiers: a free plan that retains a short history and exposes basic capacity/configuration insights, and a standard plan that stores up to 18 months of data and unlocks activity, errors and security analyses. The free plan provides up to 15 days of historical data as you get started.

---

What Azure Storage Discovery actually does​

Azure Storage Discovery is not a replacement for monitoring or SIEM tools — it is a storage‑estate analytics layer built specifically for blob‑scale object stores. Key capabilities include:

• Capacity insights — aggregated object counts and sizes by subscription, resource group, storage account and region with growth trends and distributions by access tier.
• Activity visibility — transactions, ingress/egress volumes and trends so you can spot where workloads are generating access and transaction costs.
• Configuration analysis — redundancy settings, lifecycle policies, inventory features, encryption modes, and patterns across accounts that reveal inconsistent choices.
• Security posture checks — outliers such as public network access, shared access keys still enabled, anonymous blob access, and encryption configuration anomalies.
• Error and health reporting — aggregated failed operations and error codes to detect systemic issues affecting workloads.

These capabilities are delivered as portal reports and interactive dashboards, plus the ability to ask follow‑up questions to Copilot in Azure and receive visualized answers directly inside the workspace.

---

How Copilot changes the game​

The Copilot integration is the most visible differentiator. Rather than forcing engineers to craft Kusto or REST queries against logs and inventory tables, stakeholders can ask targeted prompts such as “How is storage size trending over the past 30 days by region?” or “Provide a table of storage accounts above 1 TiB with the least transactions.” Copilot translates those prompts into queries against the Storage Discovery aggregated dataset and returns charts or tables for immediate inspection. This lowers the barrier for CIOs, IT managers and business owners to interrogate their estate without scripting.
Important nuance: Copilot acts on the analyzed, aggregated dataset in Storage Discovery — it is a query and visualization layer, not an operational automation engine inside the product itself. Operational changes still require either portal actions, automation tooling or services such as Azure Storage Actions.

---

Integration with Azure Storage Actions and lifecycle tooling​

Azure Storage Actions is a separate, fully managed serverless platform Microsoft provides to automate object‑level operations (tier changes, metadata updates, deletes, immutability settings) at scale. Storage Discovery surfaces the candidates and the opportunity; Storage Actions executes large‑scale changes across millions of blobs. The combination allows teams to move from insight to action: Discovery identifies accounts or containers likely to yield cost savings (for example, large Hot‑tier datasets with low transactions), and Storage Actions applies tiering or cleanup tasks with controlled execution and billing based on objects scanned and operations performed.

• Benefits of combining the two:
• Rapid identification of cost‑saving opportunities by region, tier and activity.
• Safe, validated previews in Storage Actions before applying changes.
• Serverless scale without provisioning compute to iterate over billions of objects.

---

Pricing, retention and availability — what you need to know​

Microsoft documents two pricing tiers for Storage Discovery:

• Free plan — capacity and configuration insights retained for up to 15 days; intended for quick kickoffs and small estates.
• Standard plan — full set of insights (capacity, activity, errors, security) with retention up to 18 months, enabling seasonal and annual trend analysis.

A Storage Discovery workspace can analyze storage accounts from subscriptions and regions you can access; Microsoft notes the workspace is scoped by subscription/resource group and can analyze large estates. Pricing is typically based on the object and account counts analyzed (tiered); exact regional list prices are published in Azure pricing pages and the product documentation. Administrators should consult their billing team and the portal pricing calculator for tenant‑specific estimates.
Caveat: regional availability and promotional offers have changed frequently across Azure product launches; always confirm the supported regions and any promotional pricing in the Azure portal for your subscription before planning a rollout. Some third‑party region trackers and Azure update aggregators also reflect regional rollouts and timelines if cross‑validation is needed.

---

Practical use cases and quick wins​

Azure Storage Discovery is designed for measurable, operational outcomes. Typical use cases include:

• Cost optimization and FinOps
• Identify large, infrequently accessed datasets stored in Hot tier and move them to Cool or Archive using Storage Actions. Copilot can produce the candidate list with a simple prompt.
• Track long‑term capacity growth by region and business unit to predict budget and capacity needs with the 18‑month retention in the standard plan.
• Security posture and compliance
• Find storage accounts still using shared keys, allowing prioritized remediation to Entra‑based (Azure AD) authentication and managed identities. Copilot visualizations make it easy to see regional concentrations.
• Detect anonymous public access or accounts that lack required TLS minima and drive remediation through policy.
• Operational reliability and troubleshooting
• Surface accounts showing repeated error codes or throttling symptoms by aggregating failed operations across accounts to identify misconfigured clients or hotspots.
• Governance and architecture alignment
• Validate that redundancy choices (LRS, ZRS, GRS) are consistent with workload SLAs and business risk appetite; identify potential over‑provisioning or under‑protection.

Each of these outcomes is most effective when governance (tagging, resource naming, RBAC, and subscription boundaries) is already in place so Discovery’s scoping can align with business domains.

---

Deployment checklist — a practical two‑step start​

Microsoft deliberately simplified onboarding to two core steps:

• Create and configure an Azure Storage Discovery workspace and select the subscriptions/resource groups containing the storage accounts you want analyzed. Define “Scopes” to match business groups or workloads.
• Wait for the workspace to aggregate data. Initial insights can appear within a few hours and the product backfills up to 15 days of historic data on first run for the free tier. For the standard plan, retention stretches to 18 months.

Operational recommendations:

• Use least‑privilege service principals and role assignments when granting Discovery read access.
• Tag storage accounts by cost center and environment (prod/dev) before discovery to enable straightforward scoping and filterable reports.
• Start with a FinOps pilot (identify top 10 heavy accounts) before rolling out across all subscriptions.

---

Strengths: where Storage Discovery shines​

• Simplicity and speed — a few clicks to a workspace and insights appear quickly without custom telemetry pipelines.
• Natural‑language access — Copilot democratizes analysis, letting non‑engineers explore the estate with charts and tables instead of Kusto queries.
• Actionable integration — pairing Discovery with Storage Actions closes the loop from insight to automated change at scale.
• Long‑term trend analysis — the 18‑month retention in the standard plan enables seasonal and year‑over‑year capacity planning that short‑lived telemetry solutions miss.

---

Risks, limitations and governance concerns​

Azure Storage Discovery brings important benefits, but it also introduces areas that must be guarded:

• Data residency and privacy — Discovery aggregates metadata and telemetry about storage objects across accounts. Organizations in regulated industries should validate how aggregated data is stored and ensure the workspace is provisioned in compliant regions and subscriptions. Confirm tenant‑level controls and retention policies before enabling wide scoping. Treat any aggregated insights used for compliance or legal decisions as advisory until verified against source records.
• Copilot hallucinations and incorrect interpretations — Copilot returns visualizations and tables derived from aggregated data. While convenient, AI‑driven outputs can misinterpret ambiguous prompts or produce misleading summaries if the prompt is poorly specified. Always cross‑check high‑impact findings (e.g., suggested deletions or tier changes) against raw metrics and a human review.
• Permission and scope creep — granting Discovery visibility across many subscriptions requires careful RBAC and service‑principal design. Avoid over‑broad reader scopes; prefer scoped service principals and resource groups aligned to business units.
• Cost management for downstream actions — Storage Actions executions and storage transactions invoked by lifecycle changes carry their own charges. Discovery's cost‑saving suggestions must be validated by cost modeling that includes execution and egress fees.
• Regional availability nuance — Microsoft frequently rolls features regionally. Confirm the service availability for your tenant's regions before relying on specific retention guarantees or quota numbers; documentation and portal UI are the authoritative sources. Third‑party Azure update aggregators can help validate regional rollouts but don’t substitute official docs.

---

Best practices and governance checklist​

• Inventory and tags — tag storage accounts with cost center, environment and owner before discovery to enable useful scoping.
• Scoped onboarding — start with a pilot scope (top 10 storage accounts by size) and validate insights before expanding.
• RBAC hygiene — use least‑privilege service principals restricted to the necessary subscriptions or resource groups.
• Validate decisions — treat Copilot results as starting points. Cross‑validate with raw metrics and a human sign‑off before applying Storage Actions.
• Cost model before action — estimate Storage Actions execution cost and storage API charges before scheduling large tasks.
• Retention policy alignment — ensure Discovery insight retention matches your audit and compliance needs, especially if you rely on historical trends.

---

Final assessment — who should adopt Storage Discovery and when​

Azure Storage Discovery is most valuable for medium and large Azure consumers that:

• Operate many storage accounts across subscriptions and regions.
• Need to centralize FinOps and storage governance analysis without building custom telemetry pipelines.
• Want to democratize storage analysis to non‑engineer stakeholders while retaining engineering‑grade follow‑up via Storage Actions.

For smaller teams with only a handful of accounts, the free plan provides a low‑cost test bed. Larger enterprises will find the standard plan’s 18‑month retention and Copilot‑driven insights particularly useful for capacity planning and regulatory reporting.

---

Conclusion​

Azure Storage Discovery brings a focused analytics layer to Microsoft’s object storage portfolio, turning scattered capacity, activity and configuration signals into consolidated, visual insights — and crucially, puts those insights within conversational reach via Copilot in Azure. When paired with Azure Storage Actions, Discovery becomes a pragmatic FinOps and governance workflow: discover, prioritize, preview, and act. The product’s strengths are speed of onboarding, natural‑language accessibility, and an enterprise‑scale scope suitable for modern data estates. At the same time, organizations must pair the service with robust RBAC, validation checks for AI‑driven outputs, and careful cost modeling for any automated remediation. For any team wrestling with storage sprawl, Storage Discovery is a practical, portal‑native tool that can cut weeks of manual analysis into a few clicks — provided those clicks are governed by policy and follow‑up review.

---

Source: Microsoft Azure Unlock insights about your data using Azure Storage Discovery